[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: structural objectclass checking
Markus.Storm@t-systems.com wrote:
> Thanks Michael for that idea. But that would mean to assign that new group to every entry that has 2 structural objectclasses today, wouldn't it?
New objectclass, not new group.
> So it would require me to change the upstream data e.g. replace posixGroup by aeGroup and remove groupOfURLs
No need to remove groupOfURLs.
> (to stick with your example) and the application as there's applications to search for e.g.
> &(objectclass=posixGroup)(objectclass=groupOfURLs).
No need to change applications, since the new objectclass would satisfy both of those filters.
> And I would need to fix future entries on the fly (rwm module in replication??)
>
> Guess that won't work out, possibly still easier to work around this in the source code.
> Any opinions on that from people to know the source better than I do ?
>
> Best regards
> Markus
>
>> -----Original Message-----
>> From: Michael Ströder <michael@stroeder.com>
>> Sent: Thursday, January 9, 2020 9:56 AM
>> To: Storm, Markus <Markus.Storm@t-systems.com>; openldap-
>> technical@openldap.org
>> Subject: Re: structural objectclass checking
>>
>> On 1/8/20 7:07 PM, Quanah Gibson-Mount wrote:
>>> --On Wednesday, January 8, 2020 3:25 PM +0000
>>> Markus.Storm@t-systems.com
>>> wrote:
>>>
>>>> is there a way to disable OpenLDAP checking entries for existence of
>>>> STRUCTURAL objectclasses?
>>>
>>> No. This is a hard requirement. The best option would be to fix the
>>> bad data in your upstream system.
>>
>> One possibility to fix this:
>> Define a new STRUCTURAL object class derived from different other
>> STRUCTURAL object classes.
>>
>> E.g. in Æ-DIR I'm using this to provide hybrid posixGroup entries serving RFC
>> 2307 and RFC 2307bis groups:
>>
>> ( 1.3.6.1.4.1.5427.1.389.100.6.1
>> NAME 'aeGroup'
>> DESC 'AE-DIR: Group entry'
>> SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
>> STRUCTURAL
>> MUST description
>> MAY ( aeMemberZone $ aeDept $ aeLocation ) )
>>
>> This works because unlike other LDAP directory servers OpenLDAP supports
>> multiple class inheritance.
>>
>> Ciao, Michael.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/